Register
Page 1 of 6 123 ... Last
Results 1 to 10 of 51
  1. #1
    Sinshroud's Avatar
    Posts
    2,680
    Reputation
    260
    Tagged in
    1060 Posts
    Add to this user's reputation

    WoW Account Maximum Security Guide

    The more gold, items, achievements and general progression you gain for your characters in your World of Warcraft account, the higher you will value it. There is also another value that increase - the value it has on the blackmarket whether it's the entire account or just the gold within it. Account hackers, phishers and scammers get more advanced and innovative each day and in turn we need to ensure that we have maximum security for our accounts.


    My name is Sinshroud I'm going to share with you some of the best security practices to keep your account safe! I have been playing World of Warcraft non-stop since Pre-BC, I have 2 accounts on US and 2 accounts on EU servers. I have over 1.5 million gold that I guard very closely. I've never been hacked. EVER. I don't even have an authenticator (although I do recommend it).



    Before we get started, the most basic form of protection for your account will be a proper password. There are various ways that your password can be obtained and account compromised. Some of the attacks are hit and miss random attacks sent to thousands of people, while others are more sinister and targeted attacks to your account specifically.


    • Guesswork / Common Sense Password Attacks - entering words or phrases that are directly related to you, or trying common password variations such as "sinshroudpassword", "ericwowpassword" or "password1234".
    • Bruteforce Password Attacks - this is when a computer runs an algorithm that tries every single possible number, letter or character combination until one works such as "000", "001", "002" ... "009", "010", "011", "012" ... "019", "020", "021", "022" ... etc, or plain guesswork (such as entering your main character name or your real life credentials in various forms for simply commonly used ones such as "sinshroudpassword" or "ericwowpassword" or "password1234", etc).
    • Phishing Attacks - account thieves impersonate someone such as Blizzard and ask you to login on a fake site, which them gives them access to your account or installs a keylogger/virus on your computer. I will show you how to identify such attacks later on in this guide.
    • Keylogging or Virus Attacks - spyware, trojans, viruses and other malicious programs can install keyloggers on your computer which record your key strokes and capture your username and passwords. Very dangerous because if they have access to your WoW account like this, there is a good chance they have access to your Facebook/Twitter/MySpace/Email/Work accounts for Identity Theft as well as your Banking Details. I will show you how to use a program such as KeePass to avoid needing to type in usernames and passwords ever again, making keyloggers ineffective against you.


    You can easily guard against both Guesswork / Common Sense Password Attacks and Bruteforce Password Attacks by having a password that follows good password practices and standards. Microsoft has a good example of How To Create Strong Passwords that the average computer user can apply and make use of without too much inconvenience of needing to remember a 64 character hexadecimal password.


    • Always use a password that is eight characters or longer - the longer they are the longer a bruteforce attack will take to crack it.
    • Never use the same password for everything - if one of your passwords gets compromised you want to limit it to only that account. I will show you how to use KeePass to store and manage all of your different passwords.
    • Change your passwords often - this is something people always either forget to do, or purposely put off out of inconvenience. Just do it every couple of months.
    • Use a variety of characters in your passwords - letters, numbers, symbols, words, phrases.
    • Never include personal data in your passwords - don't include anything related to you such as your name, wife's name, school name, date of birth, ID/social security number, etc. Always keep it random and unrelated.



    You can use a site such as this to get a general idea of your Password Strength.


    For absolute maximum account security, as advised for WHM/cPanel/FTP/admin accounts or simply really paranoid individuals you can use a Random Password Generator to generate a decent but impossible to remember password. You could try combining a few of these randomly generated characters with the password created through Microsoft's method.




    Phishing is one of the most commonly used methods to steal WoW accounts. If you have been playing World of Warcraft for a significant length of time, chances are you have seen every phishing attempt in the book sent to you.


    The absolutely best thing to do is to create a new email account with a trusted email host such as Google's Gmail.


    • Create the account using a username (also known as a "local-part") that is easy to remember, descriptive and unique. I usually include the word "wow" so that I can identify the account. E.G. "sinshroudwow@gmail.com".
    • Create the account using a password that is NOT THE SAME AS ANY OTHER PASSWORD OF YOURS. If you struggle to remember your passwords I will give you a few tips on this later on in this guide.
    • Change your Battle.net World of Warcraft login account username to this new email address that you have created.
    • Most importantly, NEVER use this email address for anything else. Not for MMO-Champion, not for The Consortium Forums, not for Elitist Jerks, not for Facebook, not for University of Work and definitely not for Buyquickgoldherewedontscamyou Gold Selling Sites.


    What you have effectively achieved with this is made it impossible for you to receive phishing or spam email. The ONLY email you should ever get in this Email Account is from the real Blizzard Entertainment or from your Email Provider. If you ever receive email from somewhere else then you know you have been compromised. You might have a keylogger or virus on your computer that has provided spammers with your email address.

    Quote Originally Posted by Ktlol View Post
    Might have been mentioned already but if you use Gmail for your e-mail address, having two-step verification on that helps a lot as well as an added layer of security.

    You just go into Account -> Security -> turn on 2-step verification. Basically whenever you (or any other bad dudes) try to log into your Gmail you'll receive a code via SMS to your mobile along with a 6 digit code. Helps to know if someone is trying to gain access to your account and provides additional peace of mind.


    Even if you follow my advice above, I highly recommend ALWAYS checking every email you ever receive for phishing attempts.

    Blizzard will ALWAYS greet you by your real name (or whatever name you made the account under). They will never just say "Hello" or "Dear Player", it will ALWAYS be "Dear Eric" or "Hello Eric" or just "Eric", etc. Account phishing is almost never a targeted attack, they won't be singling you out to attack, so scammers won't know any details about you.

    Blizzard will NEVER send you an email notifying you that they are "aware you are trying to sell/trade your personal World of Warcraft account" or anything similar. If there is a problem or suspected breech in their Terms of Service / End User License Agreement by you, they will simply lock, suspend or ban your account. If you receive an email about account disciplinary actions simply try login in-game or visit Battle.net by manually typing it into your web browser.

    Scammers and Phishers will try get you to follow a link to a fake website. They are impersonating the Blizzard website and when you login on that site they then have your login details. So ALWAYS check your links in the email. An easy way to do this is to hover over the link and look at your "Status bar" in your email client or web browser usually found in the bottom left corner of the screen and if it shows a different email address or an email address that isn't Blizzard's then it's a scam.


    As you can see when hovering over the email address "https://www.battle.net/account/support/password-verify.html" the scammers make use of Hyperlinking which allows a user to click on a text based link (which has been made to look like a URL). For example www.facebook.com will actually take you to Twitter because I hyperlinked it. The link they show you in the email wants to actually take you to a different place. Also note that they make the fake link look like it ends in "battle.net" but it actually ends in "-account.com".


    • Blizzard Entertainment will never ask you for your password (except at login screen harhar).
    • Phishing emails make urgent / high priority appeals to you about your account being under investigation. Real Blizzard will just notify you and move on.
    • Phishing emails that offer you stuff are usually too good to be true. If there is a giveaway or competition you will see it on the World of Warcraft homepage or announced on MMO-Champion and similar sites.
    • Check for spelling, typos and syntax errors, Blizzard very rarely make typos because they use a lot of macros and copy/paste answers and are also highly trained.
    • Here is an article for ensuring that your web browser's Phishing Filter is enabled.


    Here is Blizzard's guide at identifying Phishing Emails:








    Blizzard have an excellent analysis of real versus fake comparisons for both In-game Mail and In-game Whispers.






    With this step we are taking preparation for if you ever want to login to your World of Warcraft Battle.net Account online from someone else's computer. A scenario could be that you are out at a friend and a guildy calls you to tell you that someone else is on your account who shouldn't be. You can quickly log onto your friend's computer to change your password - but how secure is their computer? You take one look at their browser and it looks like THIS - yikes!

    You should always be prepared and these days you can fit half your life on a flash drive attached to your keychain. Make sure a portable CLEAN web browser such as Firefox Portable Edition is one of them.



    Download the Portable KeePaas Professional Edition ZIP Package found on the right, reason for the portable version is that it does not require installation and you can put it on a flash drive. Same reason as above, you can login from elsewhere but how secure is that computer?

    KeePass is actually very useful to managing all of your passwords (you should never use the same password for everything anyways). It stores all your passwords and can also auto-fill username/password fields in web browsers or allow you to copy and paste into in-game logins such as World of Warcraft.



    1. Extract the downloaded file onto a Flash Drive that you carry around everywhere on a keychain or something if possible.
    2. Run KeePass.exe Application and click File > New.
    3. Create the Password Database on the same Flash Drive (if you not using a flash drive, put it in your C drive, you may need to close the program and run it as administrator to do this depending on your OS security settings) - you can name it something like "KeePass Database" or whatever you want.
    4. Enter a Master Password and click OK. You could have 20 different passwords but this is the ONLY one that you ever need to remember. It gives you access to all your other passwords. You can also use Key File / Provider or Windows User Account security (you can use all three), but for this guide I will only be using Master Password. Follow good password creation practices.
    5. Enter a Database Name. Call it KeePass Database or whatever you wish.


    You will not be taken back to the program and see 2 Sample Passwords already made which you can delete.


    1. Right click in the main window that has Title, User Name, Password and URL Columns in it and choose Add Entry.
    2. Enter a title to describe what the login details are for.
    3. Enter your username and password.
    4. If it's for a website then enter the URL for that website too.
    5. Add any notes that you want and click OK (perhaps a link to this guide for future reference? :P).



    You will now see your saved Entry in the main window. Now all you need to do is:

    Right click the entry and choose URL(s) > Open, or just hit CTRL + U while you have the entry selected and it will open the website, in this case the World of Warcraft Battle.net website.


    Once you have the website open, right click the entry again and choose Perform Auto-Type, or just hit CTRL + V while you have the entry selected and it will automatically fill and submit your details. NOTE: Some sites such as the Battle.net site will require you to open the Login Dialog Box first (KeepPass is smart though and sometimes it automatically finds those login boxes and will open it for you but you will need to click Perform Auto-Fill a second time to fill it in).


    CTRL + B while you have the entry selected will copy the Username, while CTRL + C will copy the password - so you can just copy and paste into your World of Warcraft in-game login screen too.

    Using KeePass will allow you to practice proper password security by having a variety of passwords for different websites and logins and also protect you from keyloggers when logging into websites and games.


    • Some keyloggers have the ability to check your clipboard/copy and paste data which can to an extent render KeePass useless but keep in mind that isn't the only security that KeePass is providing.
    • KeePass promotes proper security practices by using a variety of unique login details for various websites or accounts.
    • If your email login details, wow login details, computer login details, facebook login details and any other site or account login details are all unique and different from each other, you immediately reduce the chance of account compromise drastically.
    • Instead of a hacker only needing to somehow obtain 1 of your many identical passwords (through identity theft, impersonation , guessing, bruteforce, etc) to gain access to all of your accounts, they are now limited to that specific account only. If they compromise your facebook account then they only have access to that account instead of access to everything else too.
    • Remember KeePass offers up to 3 different combinations of security access to your password vault, Password authentication, Key File authentication and Windows User Account authentication - meaning even if they obtain your master password they still won't have access without the other 2.





    World of Warcraft is a game with an enormous amount of customization available in terms of addons and UI packages. We as gold makers make particularly good use of these resources to enhance our game play and get an edge over our competitors. I use Curse for all my Addon Download needs, and very occasionally WoWInterface. I've never had any problems with either of them account compromise through addons is VERY rare and usually found and reported immediately.

    You can view my thread on How To Install An Addon if you are new to using them.

    The only real tips I can give you for account security via addons is always download only from a trusted source such as Curse, never download, install or run executable addon files, never pay money for addons (it's against Blizzard's ToS/EULA anyways) and always only use addons that you have downloaded yourself.

    I would highly recommend storing your addons on your Flash Drive too, or perhaps even using DropBox to store your addons so that you can access them any time from another computer. Come to think of it you could use DropBox to store KeePass databases and the program itself too. Here is a nice guide for using DropBox, otherwise just follow the tutorials on their site which are adequate too.




    • Don't open ANY attachments in emails (unless it's work related and you're 100% sure it's safe). Tell the person to send it over MSN or something, but an email address can always be faked.
    • Don't click any odd and/or unknown links sent per whisper, in trade, IRC, forums, or what ever. Don't know the person; don't trust the person.
    • You aren't banned (or being investigated) unless you get the "your account has been suspended" when trying to login. Don't trust any emails saying otherwise.
    • You aren't invited for Alpha/BETA before the testing start has been announced on either MMO-Champion or another Blizzard fan site.
    • Use an up-to-date browser. I would recommend Firefox with AdBlockPlus (ads can be used to infiltrate usually safe websites, as happened with World of Raids a long time ago).
    • Update Windows and do a virus scan once every 5 weeks or so (more often is of course preferred).
    • Don't share your login information with anyone. A very common tip, but people still do it to get around the queue or something like that. My advice: just don't do it. To skip the queue you could use TeamViewer or LogMeIn yourself.
    • Don't buy power leveling services. Again: don't share your account information.
    • Don't buy gold, or rent your account to gold farmers. Same as above.
    • Don't install bots or other cheating applications. Keyloggers can be in anything.
    • Use your common sense - train yourself to detect bad links and emails so not opening them becomes a nobrainer.


    I don't know how many times we need to say this, but NEVER EVER SHARE YOUR ACCOUNT DETAILS. I don't care if it's your real life friend of 20 years, your uncle or your wife. People often scoff and say that that person will never do anything, but you know what? If they are going to be logging in on a computer that isn't yours, and they haven't followed this guide here accurately then your chance of account compromise has just been raised a huge amount. Key loggers, phishing attempts, viruses, malicious addons and malicious websites that someone else's computer may have been exposed to puts your account at risk.




    Lastly but certainly not least, the World of Warcraft Authenticator! A vital component to your maximum account security system. You can buy them from Blizzard, you can buy them from eBay, you can buy the mobile version on your iPhone and similar, and there are a few computer emulator ones floating around the net too.



    To finish off we will look at some of the procedures to regain control of your account and recover any lost items, gold and characters in case your account does indeed get compromised or you with to assist a friend who has suffered such fate.

    Blizzard have created an excellent series of Customer Support Videos on Youtube including a What to do after being hacked help video.



    The Chapters that it covers are:




    A wealth of information and links about Anti-Viruses, Account Security, How to Request In-Game Support, Contact Billing and Account Services and other Support Articles for both US and EU players can be found in the video information.

    Author: Sinshroud.
    Contributors: Zero and Blizzard Entertainment's Types of Account Thefts Security Page.

    Last edited by Sinshroud; June 13th, 2012 at 02:36 AM.
    If someone makes a helpful post or useful thread, be sure to let them know by giving +reputation. Spread the love!

    If you are new to gold making, or want to expand your markets for greater profits, then consider becoming an Ethereal Contributor to gain access to additional guidance on gold making, as well as our private dedicated help and support forum.

    >> WoW Account Maximum Security Guide <<

    "If you spend too much time thinking about a thing, you'll never get it done." - Bruce Lee

  2. #2
    Namssob's Avatar
    Posts
    1,485
    Reputation
    123
    Blog Entries
    1
    Tagged in
    454 Posts
    Add to this user's reputation
    Excellent....I would want to link to this guide from any forums I frequent. Well done!
    How To: Create And Sell Profession Kits ---- MoP Shuffle Flowchart ---- Article: A Case For Dual Gathering
    "Never underestimate the sheer amount of derp the majority of WOW's playerbase possesses." -- Belrandir
    "They could have offered me free ERPing in Goldshire with real women over Skype for the next year and I would have passed." -- Zerohour
    "Scissors are OP. Rock is fine." --Paper

  3. #3
    Xsinthis's Avatar
    Posts
    639
    Reputation
    17
    Tagged in
    208 Posts
    Add to this user's reputation
    While account security as good and whatnot, everytime I read one of these things I can't help thinking how much a pain in the ass many of these are and how anal you must be to use *ALL* of them (no offense)

    As a side note, Adblock Plus for Firefox is amazing, it even blocks the pesky ads in youtube

  4. #4
    Acry's Avatar
    Posts
    1,327
    Reputation
    67
    Blog Entries
    3
    Tagged in
    618 Posts
    Add to this user's reputation
    Vary nice!
    Screw the rules, I have money!
    If a post helped you - make sure you click the + rep button!

  5. #5
    Valdron's Avatar
    Posts
    859
    Reputation
    135
    Tagged in
    292 Posts
    Add to this user's reputation
    I don't even have an authenticator (although I do recommend it).
    I ALMOST stopped reading right there. Because it's a quality Sinshroud guide though, I read through it and realized how unprotected my account is.

  6. #6
    Priestess's Avatar
    Posts
    117
    Reputation
    5
    Tagged in
    28 Posts
    Add to this user's reputation
    Very nice guide. A little long for some people to read through. You may want to create a TLR version of the most important things.

    Also, "Microsoft have a good example of How To Create Strong Passwords" should read "has a good example"

  7. #7
    Excellent guide Sin. I particularly enjoyed that link to the site that tells you how long it takes you to have your password bruted (sorry, its nearly 4am in the uk and at this hour, im easily amused).

    There are some things in there I will definately get and try (KeePass is one of them, keep forgetting all my passwords).
    The Shaman Formerly Known As "Shamacazzy"
    Blog

  8. #8
    Great guide, lots of good tips and not only for protecting your WoW accounts. I am also diligent about security and I am baffled sometimes by friends paying absolutely no attention to it whatsoever. The thought of someone stealing my gold or accessing my files at home makes me want to reach for the baseball bat or an appropriate iron in my golf bag.

    I just wanted to add one thing: The Authenticator is much less of a hazzle than many people think and it will save you a lot of work if you find what Sinshroud describes as complicated. On top of everything, the mobile authenticator is free. Blizzard will save the IP addresses from the locations you typically log in from. In my case this is home, work and a 3G connection (iPad). As long as you stick to these, you will rarely have to actually look up and enter the authentication code. If you or someone else attempts to log your WoW account from a new location it will always ask for the authentication code. Therefore, the authenticator coupled with a secure, dedicated e-mail address attached to your BattleNet account should keep things safe.

    One extra thing to consider: If you are using LogMeIn on the iPad like me from very different locations in the world when travelling, you also need to be diligent about keeping this login information safe. In the scenario of someone having your BattleNet login details and your LogMeIn details, and they're smart enough to couple them together, the authenticator will not be a barrier since your WoW account is still being logged from your home location. I have never heard of anyone losing anything this way, but it is possible.
    Last edited by methuselah; January 5th, 2012 at 01:18 AM.

  9. #9
    Sinshroud's Avatar
    Posts
    2,680
    Reputation
    260
    Tagged in
    1060 Posts
    Add to this user's reputation
    Quote Originally Posted by Xsinthis View Post
    While account security as good and whatnot, everytime I read one of these things I can't help thinking how much a pain in the ass many of these are and how anal you must be to use *ALL* of them (no offense)
    It's a fair point but if you actually look at the guide as a whole you will see that it isn't actually that complicated or overboard.

    1) Safe password practices, this is just a way of thinking or something to keep in mind when making passwords, infact making a random sentence or what ever can sometimes be quicker than sitting at your PC for a while trying to think up a "hard to guess" password which are usually still related to the user in some way.
    2) New Email Account, takes matter of minutes and saves you hassle of wading through thousands of spam.
    3) Identifying Phishing Emails, it isn't an actual method of protection you physically have to do, it's just something that you keep in mind when receiving emails. Takes just a few seconds to hover over a link or check it's header and to identify typos or un-blizz-like behaviour.
    4) Identifying Phishing Attacks Ingame, same as above.
    5) Download it, keep it, and only use it on those very rare occasions that you login from wow at a friend's house or someplace foreign. It's probably not a frequent activity but it's good to have if the need arises.
    6) KeePass is probably your most "anal" form of protection, but once it's set up it takes just a matter of seconds to auto-fill information or copy and paste. Actually saves you time in the long run by helping you remember all your different account logins.
    7) Addons, something we all already do. Just make sure you only download them from a trusted source and that you don't install .exe's if possible.
    8) Don't open attachments, don't follow weird links, use adblocker, don't share login, scan PC for viruses, don't buy gold/powerleveling, don't bot/hack.
    9) Authenticator, to me this is the most irritating and time wasting part of the entire system, yet for many this is their only line of defense.

    While I'm on this topic of debunking perceptions, someone mentioned in IRC that some keyloggers can see your copy and paste data rendering KeePass copy and paste into WoW useless. It doesn't completely because a big thing about KeePass promoting the use of multiple usernames and passwords. If your email login details are different, computer login details are different, login facebook details are different and wow login details are different you immediately reduce your risk of account compromise drastically because instead of a hacker only needing 1 of your 4-5 passwords to gain access to all of it, they have to find the specific one. Also saves you from things like identity theft through FB accounts or what not.

    Quote Originally Posted by Priestess View Post
    Very nice guide. A little long for some people to read through. You may want to create a TLR version of the most important things.

    Also, "Microsoft have a good example of How To Create Strong Passwords" should read "has a good example"
    Thanks for that, I will edit that typo and also will be adding an index with jumpto links and a quick overview of each step.

    Quote Originally Posted by Cazmia View Post
    I particularly enjoyed that link to the site that tells you how long it takes you to have your password bruted (sorry, its nearly 4am in the uk and at this hour, im easily amused).
    It kept us amused in IRC for quite a while too, testing different random strings of words like "ihasallyourgoldbecauseyounoobatah" haha.

    Quote Originally Posted by methuselah View Post
    One extra thing to consider: If you are using LogMeIn on the iPad like me from very different locations in the world when travelling, you also need to be diligent about keeping this login information safe. In the scenario of someone having your BattleNet login details and your LogMeIn details, and they're smart enough to couple them together, the authenticator will not be a barrier since your WoW account is still being logged from your home location. I have never heard of anyone losing anything this way, but it is possible.
    Yes it's actually very scary how easy it is to hack wireless networks or other "wire less" connections with programs like Wireshark. Most of the time if someone has gained access to your laptop/ipad through such methods then your wow account is the lest of your worries.
    Last edited by Sinshroud; January 5th, 2012 at 01:23 AM.
    If someone makes a helpful post or useful thread, be sure to let them know by giving +reputation. Spread the love!

    If you are new to gold making, or want to expand your markets for greater profits, then consider becoming an Ethereal Contributor to gain access to additional guidance on gold making, as well as our private dedicated help and support forum.

    >> WoW Account Maximum Security Guide <<

    "If you spend too much time thinking about a thing, you'll never get it done." - Bruce Lee

  10. #10
    tl;dr

    Quote Originally Posted by Sinshroud
    1) Use a different username and password for each site.
    To me, that's a lot easier said than done. I realize you address this in a later step, and I'll get to that. My experience (and I imagine I have as many passwords as anybody here) tells me that passwords should follow a hierarchical structure. Forums that I don't care about being hacked on get a password that I can remember. It is shared. Each email has a different password. These two don't overlap. Facebook has its own. Banks have their own. Credit Cards have their own.

    There is some sharing, but each level is partitioned and separate from the next. If each had its own pw, I wouldn't be able to function.

    Quote Originally Posted by Sinshroud
    2) Use a unique email address only for WoW.
    More or less. I use my primary email, but I never use that email for crap like forums or blogs. You definitely don't want to use an email that's plastered all over the web.

    Quote Originally Posted by Sinshroud
    3) Learn to ID Phishing.
    Yeah. The average WoW player sees more of this than the average Yahoo! reader. Makes sense to have this.

    Quote Originally Posted by Sinshroud
    4) Learn to ID in-game Phishing.
    Absolutely. If there isn't a Blizz icon next to the name, report the player as spam and move on.

    Quote Originally Posted by Sinshroud
    5)Have a clean web Browser when not at home.
    Yep. Also - make sure you log out of shit and don't use cookies or anything while you're not at home. Most browsers have a private browsing feature.

    Quote Originally Posted by Sinshroud
    6) Use KeePass.
    Eh, no. I have half a dozen corporate passwords that I manage on a permanent, 90-day, or 30-day basis. The company employs 75k people worldwide. They have their own global Help Desk. If you screw up your password, you get locked out and have to call them to reset it. So, it kinda makes me think that if having a universal password account that safegaurded your other passwords was actually a good idea, they'd scale the Help Desk back by 50% and keep the money for themselves.

    It doesn't make sense to me to lock all my passwords behind another, single password. Seems like it's actually less secure.

    Quote Originally Posted by Sinshroud
    7) Only use trusted add-ons.
    Yeah, guys. Download your shit from Curse or from Sapu or Erorus. That's it.

    Quote Originally Posted by Sinshroud
    8) Don't be a dumbass.
    'nuff said.

    Quote Originally Posted by Sinshroud
    9) Authenticator, to me this is the most irritating and time wasting part of the entire system, yet for many this is their only line of defense.
    It's also the most time-effective method from everything you cited, and I think it's one area in your guide that you completely blew off.

    Blizzard has implemented an opt-in feature that you can enable in your account settings which forces authentication on every login rather than the currently standard once-a-week. The issue with once-a-week is that it is highly susceptiple to a man-in-the-middle attack or ip-spoofing. By requiring authentication every login, I don't see any effective means by which an account can be compromised.

    There is a reason why global Fortune 500 companies use RSA tokens for employees who VPN in. They are secure.
    Retired - I blame Kathroman for everything.

    (that's a joke, eh)

 

 

Similar Threads

  1. TSM Guide: Dual Account Setup
    By vae432 in forum General TradeSkillMaster Discussion
    Replies: 66
    Last Post: January 16th, 2013, 12:12 AM
  2. transfering TSM "settings" from account to account?
    By smrdlja in forum General TradeSkillMaster Discussion
    Replies: 0
    Last Post: July 28th, 2011, 05:07 PM
  3. Replies: 9
    Last Post: April 16th, 2011, 07:56 PM